Windoze user trying to secure Linux

Being in the middle of making the change over to Linux.... or trying to as the case may be, I have been trying to work out how to secure it, at least a bit, before I let it loose on the Net. After reading posts on here I have downloaded myself a copy of Firestarter and Snort, to take care of the firewall/IDS side of things, just having trouble finding a decent free piece of anti-virus software. The only ones I have managed to locate so far seem to run at the command line, or through scripting only. Being a windoze user most of the time I would much rather have a GUI to look at as well as having real-time protection rather than having to rely on scheduled scans. Any ideas anybody... before I tear the rest of my hair out? lol

Any other tips on securing the Linux box would be appreciated too. The Linux box is running Mandrake 8.2 on an Intel platform, connected to the net via a cable modem (USB connection).

The first thing you want to do is use the built-in firewall capabilities of the kernel. That will keep all the bad stuff out, unless you want to use it as a server of some sorts, then you could let *some* of that stuff in, if you wanted to. You DID compile support for iptables into your kernel, didn't you?

There are some GUI frontends for iptables/ipchains (PMFirewall, etc.), but I'm not familiar with them. There are numerous articles on the web on configuration of iptables/fwadmin.

Secondly, you'd want to look at hardening the OS, which would involve shutting down unnecessary services and patching known exploits.

I would worry about IDS last. If you properly lock your box down by hardening and firewalling, you'll have very little IDS stuff to worry about.

Thanks everyone for the advice, think I have enough to be going on with for a while, quite a long while in fact. Anyway at the moment the *nix box is very secure, I can't manage to set up the network config to recognise the cable modem on the USB port, had to come back onto the 2000 pro box to even get on the net. It's going to be one of those days, lol